Platform: php
Component: basercms
Fixed in: 5.2.4
CVE-2026-30940 describes a Remote Code Execution (RCE) vulnerability affecting baserCMS versions 5.2.3 and earlier. This vulnerability stems from a path traversal flaw within the theme file management API, allowing an authenticated administrator to write arbitrary files. Successful exploitation could lead to complete system compromise. The vulnerability was published on 2026-03-31 and a patch is available in version 5.2.3.
The path traversal vulnerability in baserCMS allows an authenticated administrator to bypass security controls and write files outside the intended theme directory. By injecting malicious code into a PHP file, an attacker can achieve remote code execution on the server. This could lead to complete system takeover, including data theft, modification, or deletion, as well as the installation of backdoors. The impact is particularly severe because baserCMS is used to build websites, potentially exposing sensitive user data and business logic. A successful exploit could allow an attacker to deface the website, redirect users to malicious sites, or launch further attacks against other systems on the network.
As of this writing, CVE-2026-30940 is not listed on the CISA KEV catalog. Public proof-of-concept exploits are not yet widely available, but the vulnerability's nature and severity suggest a high probability of exploitation. The path traversal vulnerability is a well-understood attack vector, and the RCE potential makes it a high-value target for attackers. The vulnerability was disclosed publicly on 2026-03-31.
Exploit Status
EPSS: 0.26% (49th percentile)
The primary mitigation for CVE-2026-30940 is to immediately upgrade baserCMS to version 5.2.3 or later. If upgrading is not immediately feasible, consider implementing temporary workarounds. Restrict access to the /baser/api/admin/bc-theme-file/theme_files/add.json endpoint to trusted administrators only. Implement strict input validation on the path parameter to prevent the inclusion of malicious sequences like ../. Web application firewalls (WAFs) configured to detect and block path traversal attempts can also provide an additional layer of defense. Monitor baserCMS logs for suspicious activity, particularly attempts to access or modify files outside the theme directory. After upgrading, confirm the fix by attempting to access the vulnerable API endpoint with a crafted payload and verifying that the request is rejected.
Update baserCMS to version 5.2.3 or higher. This version contains the fix for the path traversal vulnerability in the theme file management API.
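As an added illustration of the input-validation and log-monitoring steps recommended above (example code written for this page, not part of the advisory or of baserCMS itself), the following Python sketch applies a path-containment check to a `path` value and sweeps sample access-log lines for theme-file writes that escape the theme directory. The theme root, the log lines and the assumption that `path` appears in the request query string are constructed for the example; if the parameter travels in the POST body, apply the same check to the application's request log instead.

```python
import os
import re
from urllib.parse import urlparse, parse_qs

# Constructed for this example: a theme root and the endpoint named in the advisory.
THEME_ROOT = "/var/www/basercms/plugins/BcThemeSample"
ENDPOINT = "/baser/api/admin/bc-theme-file/theme_files/add.json"

def is_within_theme_dir(requested: str, root: str = THEME_ROOT) -> bool:
    """Accept a `path` value only if it canonicalizes to a location under `root`."""
    root = os.path.normpath(root)
    # normpath resolves every "../" lexically; join() discards root for absolute input,
    # so "/etc/..." fails the containment check as well.
    candidate = os.path.normpath(os.path.join(root, requested))
    # commonpath compares whole components, so a sibling such as BcThemeSample_x is rejected too.
    return os.path.commonpath([root, candidate]) == root

# Combined-log-format request line; the named groups are what the detector reports.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample access-log lines (not real traffic).
SAMPLE_LOGS = [
    '10.0.0.5 - admin [31/Mar/2026:10:00:01 +0000] "POST ' + ENDPOINT
    + '?path=layout/default.php HTTP/1.1" 200 512',
    '10.0.0.9 - admin [31/Mar/2026:10:02:17 +0000] "POST ' + ENDPOINT
    + '?path=..%2F..%2Fwebroot%2Fx.php HTTP/1.1" 200 512',
    '10.0.0.5 - - [31/Mar/2026:10:03:00 +0000] "GET /index.php HTTP/1.1" 200 2048',
]

def find_traversal_attempts(lines):
    """Report theme-file writes whose decoded `path` escapes the theme directory."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line: skip rather than abort the sweep
        url = urlparse(m.group("target"))
        if url.path != ENDPOINT:
            continue
        # parse_qs percent-decodes, so "..%2F" is compared as "../".
        for value in parse_qs(url.query).get("path", []):
            if not is_within_theme_dir(value):
                hits.append({"ip": m.group("ip"), "user": m.group("user"),
                             "path": value, "status": m.group("status")})
    return hits
```

A hit with status 200 on an unpatched install is the signal worth alerting on, since it means the write was accepted rather than rejected.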
CVE-2026-30940 is a Remote Code Execution vulnerability in baserCMS versions 5.2.3 and earlier, allowing authenticated admins to execute arbitrary code.
You are affected if you are using baserCMS versions 5.2.3 or earlier. Upgrade to 5.2.3 to resolve the vulnerability.
Upgrade baserCMS to version 5.2.3 or later. As a temporary workaround, restrict access to the vulnerable API endpoint and implement strict input validation.
While no active exploitation has been confirmed, the vulnerability's severity and ease of exploitation suggest a high probability of future attacks.
Refer to the official baserCMS security advisory for details and updates: [https://basercms.com/security/advisories](https://basercms.com/security/advisories)